php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #44409 PDO::FETCH_SERIALIZE calls __construct()
Submitted: 2008-03-11 19:53 UTC Modified: 2009-03-23 23:20 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:2 of 2 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (50.0%)
From: uwendel at mysql dot com Assigned: felipe (profile)
Status: Closed Package: PDO related
PHP Version: 5.3CVS-2008-03-11 (CVS) OS: *
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: uwendel at mysql dot com
New email:
PHP Version: OS:

 

 [2008-03-11 19:53 UTC] uwendel at mysql dot com
Description:
------------
There seems to be very few documentation about PDO::FETCH_SERIALIZE in the PHP manual but playing the guessing game from the code it seems that this feature aims to support SPL/Serialize interface. As I'm not sure about the purpose of PDO::FETCH_SERIALIZE I'm not sure if the following is a bug or not. However, it seems to me that PDO::FETCH_SERIALIZE unintentionally calls __construct().

One of the main ideas behind SPL/Serialize interface seems to be that for unserialization the constructor of a class does not get called. The constructor of a class has a different meaning than a helper function like unserialize() and thus should not be called automatically. Let's check:

class myclass implements Serialize {
  public function __construct() {
    printf("%s()\n", __METHOD__);
  }
  public function serialize() {
    printf("%s()\n", __METHOD__);
    return "any data from serialize()";
  }
  public function unserialize($dat) {
    printf("%s(%s)\n", __METHOD__, var_export($dat, true));
  }
}

$obj1 = new myclass()     
  ---> myclass::__construct()
$tmp  = serialize($obj1)    
$obj2 = unserialize($tmp) 
  ---> myclass::unserialize('any data from serizalize()')

__construct() gets called only once for object creation but not again during unserialization. Let's try that with PDO:

[...]
$stmt = $db->query("SELECT dat FROM test");
$rows = $stmt->fetchAll(PDO::FETCH_CLASS|PDO::FETCH_SERIZALIZE, "myclass");
  --> myclass::unserialize("data from DB")
  --> myclass::__construct()
[...]

PDO first calls unserialize() as its supposed to do. But then it also calls __construct() which is against the idea of the Serialize interface not to call the constructor automatically during unserialization.

Reproduce code:
---------------
sapi/cli/php -r '$db = new PDO("sqlite:/tmp/foo"); $db->exec("DROP TABLE test"); $db->exec("CREATE TABLE test(dat VARCHAR(100))"); $db->exec("INSERT INTO test(dat) VALUES (\"Data from DB\")"); class myclass implements Serializable { public function __construct() { printf("%s()\n", __METHOD__); } public function serialize() { return "any data from serizalize()"; } public function unserialize($dat) { printf("%s(%s)\n", __METHOD__, var_export($dat, true)); }} $stmt = $db->query("SELECT * FROM test"); var_dump($stmt->fetchAll(PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE, "myclass")); $obj = new myclass(); var_dump(unserialize(serialize($obj)));'
myclass::unserialize('Data from DB')
myclass::__construct()
array(1) {
  [0]=>
  object(myclass)#3 (0) {
  }
}
myclass::__construct()
myclass::unserialize('any data from serizalize()')
object(myclass)#4 (0) {
}



Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-02-15 21:11 UTC] davidc@php.net
Hmm is it supposed to say: PDO::FETCH_SERIZALIZE?
 [2009-03-22 10:04 UTC] matteo at beccati dot com
Fix available at:

http://www.beccati.com/misc/php/pdo_pgsql_bug44409_php_5_3.patch
 [2009-03-23 23:20 UTC] felipe@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

Commited in 5.3 and HEAD, thanks for the patch! :)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 12:01:29 2024 UTC